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Appendix A 



[0000] This is a continuation-in-part of co p ending U.S. patent application Serial Number 
10/639,038 filed Aug 11, 2003 (abondoned) . and a continuation-in-part of Serial Number 
10/613,902 filed July 3, 2003 (abandoned), and a continuation-in-part of Serial Number 
10/427,793 filed April 30, 2003, and a continuation-in-part of Serial Number 10/135,319 filed 
April 29, 2002 (abondoned) . These applications in their entirety are incorporated by 
reference herein. 

[0002] Portable game systems that generate player controlled objects in simulated worlds 
for display on an LCD screen are well known and are described in US patent 6,369,827. It 
is also well known to store game program instructions and graphics data in digital memory 
cartridges that plug into such portable game systems. Even if such digital memory 
cartridges include a trademark and copyright notice as described in US patent 5,184,830, 
software pirates disregard such notices. Game software in executable form is easily copied 
and is often sold by software pirates in counterfeit cartridges and disks and is distributed 
freely on the Internet. It is also known to protect programs by storing them in a digital 
memory in the same processor chip that executes the program instructions as described in 
US patent 6,339,815. It is also known to include microprocessors in portable game 
cartridges as described in US patent applications 2002/0028710 and 2003/00501 16. 
Crypto microprocessors that execute encrypted programs using bus encryption are also 
disclosed in my US patent 4,278,837. It is also known to transmit video game software in 
encrypted form over a data transmission network as disclosed in US patent 6.712,704 . 
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[0003] Software for game systems has been distributed on lascrrcadablc o p tical disks 
for use in game systems. Game softwa r e is typically pressed into optical disks during disk 
fabrication and may be encrypted for copy p r otection. Mo r e than a hundred patents have been 
issued for o p tical disks, enc r yption, and related technologies, such as US patents 6 ,081,785 and 
6,175,629. 

[0004] Piracy of p ortable game software (program instructions and data) is similar to 
piracy of music software. When digitized music is read from a data storage medium or 
decrypted so that it can be converted to analog sounds that can be heard, the digitized music 
is easy for pirates to copy. But there is one major difference between music and game 
software. Game programs do not have to be heard or seen by their users and hence game 
programs do not have to be executed in easily accessible portable game system processors. 

[0007] The preferred embodiment of this invention is an electronic game system for 
distributing game software (programs and data) in encrypted form on an o p tical disk o r 
in a memory cartridge togethe r with an enc r y p ted key for decry p ting the encrypted 
software. Alternatively, such that the encrypted software may be downloaded from a 
server into a memory cartridge or other data storage device together with an encrypted key. 
Non-encrypted software may accompany the encrypted software. The game system requires 
a crypto processor that decrypts the encrypted key as a function of a unique and secret 
crypto processor identifier. The crypto processor then uses the decrypted key to decrypt 
the encrypted software for execution. Decrypted programs are preferably executed in the 
crypto processor chip and are not externally accessible, but may also be executed in a 
conventional processor. Encry p ted software on an o p tical disk is accom p anied by a second 
crypto processor chip containing the encry p ted key. 
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[0009] BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 is a general block diagram of one embodiment that includes a disk 
cartridge connected to a portable game system. 

Fig. 2 is a block diagram of one embodiment that includes a disk cartridge with a 
first c r ypto pr ocessor connected to a second cry p to p rocesso r in a portable game system. 

Tig. 3 is a block diagram of anothe r embodiment that includes additional 
encryption. 

Fig. 4 is a p erspective view of a p ortable game system with a disk cartridge and 
crypto processor. 

Tig. 4a is a block diagram of a p ortable game system with an internal cry p to 
pr ocesso r and an external cartridge. 

Tig. 5 is a block diagram of crypto functions used in a disk pressing p lant. 

Tig. 6 is a detailed block diag r am of one embodiment of crypto processor 52. 

Tig. 7 is a block diagram of another embodiment that reads an encry p ted key 
from an o p tical disk. 

Tig. 8 is a block diagram of another embodiment that reads an encrypted key 
from a bar code burned into an o p tical disk. 

Tig. 9 is a block diagram of another embodiment that includes a ROM cartridge 
with a c r y p to processo r . 

Tig. 10 is a p erspective view of two human game p layers operating portable 
game systems having LCD devices that display multiple articulated body parts of p laye r 
controlled characters. 

Tig. 1 1 is a perspective view of a p ortable game system with a crypto cartridge and 
displaying a 3D image of a player character and a non»playcr cha r acte r . 
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Tig. 12 is a perspective view of a cartridge circuit board having cry p to processor 303 
and ROM 97 attached to the ci r cuit board. 

Fig. 6_ 43 is an example of a memory map illustrating software stored in ROM 94 in 
crypto processor 52. 

Fig. 6a, 46a is an example of a memory map illustrating software stored in ROM 343 
in crypto processor 303. 

Fig. 14 is a block diagram of an embodiment in which an encrypted disk serial 
number is sent to a game server that downloads software. 

Fig. 15 is a block diagram of an embodiment in which a chip identifier is sent to a 
game se r ver that downloads software. 

Fig. 7_ +6 is a memory map of RAM 90 storing game software from an o p tical disk . 

Fig. 7a +6a is a memory map of RAM 96 432 storing non-encrvpted downloaded 
software, game enhancements . 

Fig. 17 is a block diag r am of a game server downloading encry p ted game softwa r e 
enhancements. 

Fig. 8. 4$ is a memory map illustrating one kind of enhancement software having an 
encrypted address table. 

Fig. 1_ 49 is a block diagram of a preferred embodiment in which an encrypted chip 
identifier is sent to a game server that downloads software. 

Fig. 2_ 20 is a block diagram of crypto communications between the game server and 
the crypto processor memory cartridge 1 6 shown in Fig. L 49. 

Fig. 3. 24 is a block diagram of a game server downloading encrypted game software 
to a video game console memory cartridge 16 shown in Fig. L 49. 

Fig. 4. 22 is a block diagram of a game distribution system in which a retail computer 
helps transfers data between server 120 and cartridge 16. 

Fig. 5_ 23 is a block diagram of crypto communications between the game server and 
the memory cartridge 16 crypto processor chip 303 shown in Fig. 4. 22. 
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DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENT 



[0010] Fig. 1 illustrates a p r efer r ed embodiment of a game system that comprises cry p to 
memo r y cartridge 1 6 connected to portable game system 47. The objective is to securely 
execute and process in portable game system 47 the encry p ted software ( p rograms and data) 
read from tracks 82 of disk 43 housed in ca r tridge 1 6 . The software on disk 43 (or in 
semiconductor memory 9 7 in Tig. 9 ) is block encry p ted using a symmetric digital key Kl. 
Disk 43 is accom p anied in each cartridge 1 6 by a cry p to processor 303 (detailed in Tig. 2) 
that contains key Kl that enables decry p tion of the encrypted softwa r e in cry p to pr ocessor 52 
which is solde r ed into the circuit board in p ortable game system 47. Decryption key Kl is 
not p e r manently stored in crypto processor 52 or in portable game system 47 and typically 
would be changed for each game title. When key Kl is changed for encrypting the software 
on disk 43, key Kl is also changed in cry p to processor 303. To prevent accidental se p aration 
of disk 43 and co rr es p onding processor 303, both com p onents are housed togethe r in the 
same cartridge 1 6 . 

[0011] Because key Kl is stored and distributed in crypto processor 303 but is used fo r 
dec r y p tion in cry p to processor 52, c r y p to processor 303 encry p ts key Kl and transmits the 
encry p ted key through connectors 247 and 27 9 and through data bus 93 to crypto p rocesso r 
52. C r y p to p rocesso r 52 (detailed in Figures 2, 3, and 6 ) decry p ts the encrypted software 
read from disk 43 and stores the decrypted software in volatile memory 9 0 (see Tig. 6 ) which 
is on the same chip as processor core 134 in crypto p rocessor 52 which executes the 
decrypted programs from memory 9 0. Neithe r cry p to processor 303 nor 52 reveal keys o r 
decrypted program instructions outside of the p rocessor chi p s. 
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[0012] Although pirates can make unlimi t ed co p ies of the encrypted software and perhaps 
dist r ibute them on the Internet, the encry p ted softwa r e cannot be decry p ted and executed 
without the two cry p to p rocesso r s 303 and 52 which cannot be copied without knowledge of 
the inaccessible secret keys. 

[0013] Although some of the software for each game may be unenc r ypted on disk 43 and 
be loaded into RAM 53 and be executed and p rocessed by conventional p rocessors 50 and 
301, this unencrypted software is useless without the dec r y p ted software that is 
processed by crypto pr ocessor 52 to interact with unencry p ted software p rocessed 
by p rocessor 50. 

[0014] — Decry p ted programs executed in cry p to p rocessor 52 may generate partially 
processed game data, such as locations and directions of player cont r olled objects and p oints 
of view. This partially processed game data is further pr ocessed by conventional p rocessor 
50 and image co p rocesso r 301 to generate ra p idly changing p ixel dis p lay data in VRAM 302 
fo r dis p lay on LCD screen 22. 

[0015] — Preferably, a small fraction of the p r ograms read from disk 43 would be encry p ted 
and executed by p rocessor 52 while most of the programs from disk 43 would be loaded into 
RAM 53 and executed by p rocessor 50. Programs that arc easy for pirates to r everse 
engineer need not be encrypted. Programs that a r e difficult to reverse engineer and do not 
require rapid access to image coprocessor 301 would be suitable for encry p tion and for 
execution in crypto p rocesso r 52. 
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[0016] Portable game system 47 may remain an open system for non u crypto cartridges 1 6 
which do not require processor 303 and which store conventional software processed by 
conventional p rocessors 50 and 301. P r io r ^a r t cartridges containing unencrypted p r og r ams 
would not use crypto processor 52. 

[0017] Conventional processor 50 is shown in Fig. 1 receiving control data from manual 
control members such as joystick 20, cross"Switch 15, and button^switch 14, but some of the 
cont r ol data should be routed by processor 50 through data bus 9 3 to crypto p rocessor 52. 

[0018] Tig. 2 illustrates an embodiment in g r eate r detail. For clarity, only the encry p ted 
softwa r e will be discussed. Encrypted game programs and data are read f r om tracks 82 on 
optically readable disk 43 into RAM buffer 9 7. Accompanying disk 43 is crypto processor 
303 containing a nonvolatile data memory storing a block of data that includes symmetric 
key Kl (reference 100), game title identification number 1 14, and serial number 101. 

{0019} Each cry p to pr ocessor chip 303 in this embodiment has a different serial number 
that is loaded into the crypto p rocesso r chip 303 during assembly of ca r tridge 1 6 (see Fig. 5) 
so that each block of encrypted data on line 6 1 will be encry p ted differently. This prevents 
pirates from using c r yptanalysis that de p ends on constant unencrypted data such as key Kl 
and game id for a given game title. 

[0020] Block encryption p rocess 147 encrypts the data bloek (Kl, game id, serial) to produce 
a block of encry p ted data on line 61 for transmission to cry p to processor 52. The key used 
for this transmission should not be the same key for every transmission, because this would 
provide constant encrypted key data that could be distributed on the Internet. 

- 7 - 



[0021] Instead, a different session key 304 is used cvciy time data is transmitted on line 6 1 
to p r ocessor 52. This session key 304 is generated by random number generator 31 1 in 
crypto processor 52. To prevent a pirate from supplying an unauthorized encrypted Kl key 
on line 6 1 or supplying a bogus session key, the session key 304 is encrypted by block 
encryption process 30 6 under control of a symmetrical chi p key 131 (key K3). 

[0022] Crypto p rocessor 303 has the same chip key K3 so that only genuine p rocessor 
chips 303 can decry p t the encrypted session key in block decryption process 307. Since 
random number generator 31 1 in processor 52 generates a different session key for each 
transmission to pr ocessor 303, the encry p ted session key is also different every time process 
306 transmits an encry p ted session key to processor 303. 

[0023] This deprives p i r ates of a constant session key they need for cryptanalysis. It also 
prevents pirates from bypassing processor 303 by sending unauthorized data directly into 
processor 52 on lines 6 1 and 71. Lines 6 1 and 71 are part of data bus 9 3 in Tig. 1 and may 
be multiplexed. 

[0024] To insure that session key 304 is truly random and not pseudo random, a thermal 
noise source 310 can generate seed for random number generator 31 1 as desc r ibed in US 
patent 4,694,412. 

[0025] When the encry p ted session key is decrypted by process 307 under control of chi p 
key K3, the resulting plain session key 304 in p rocessor 303 controls block encry p tion 
p rocess 147 of key Kl, game id, and serial for transmission on line 61 to processor 52. 
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[002 6 ] When the encry p ted block (key Kl, game id, serial) is received on line 61 by 
crypto pr ocessor 52, it is block decry p ted using the same random session key gene r ated 
microseconds earlier by random number generator 311. 

[0027] Decry p ted key Kl is then used by block decry p tion p rocess 1 1 1 to decrypt blocks 
of encrypted programs and data from RAM 9 7 to produce decry p ted blocks of programs and 
data that are stored into RAM 9 0. 

{0028} One of the first blocks to be decrypted by process 1 1 1 may include the game title 
identification numbe r in RAM 9 0 which is then compa r ed to the decrypted game title 
identification number 1 14 by ve r ification p rocess 136. If the two game id's do not match, 
an er r or message may be displayed on LCD 22. 

[0029] Decrypted serial numbe r 101 in crypto p rocessor 52 should not be revealed outside 
of processor 52 because that would provide pirates with known plaintext to encryption 
process 147. However, a block encry p ted serial number (not shown in Tig. 2) may be 
displayed on LCD 22. 

[0030] Tig. 3 illustrates another embodiment in which the key data block (key Kl, game 
id, and serial) is stored in crypto p rocessor 303 in encry p ted form in nonvolatile memory 
9 4. Enc r ypted key Kl is p referably doubly encrypted by block encryption process 147 in 
processor 303 unde r cont r ol of session key 304. The encrypted data block in memory 94 is 
previously block encrypted under control of key K2 that is not stored in p rocessor chi p 303. 
This is to deter insider theft of key Kl during manufacturing. Cry p to processor 52 doubly 
decry p ts key Kl, game id, and serial using session key 304 and chip key 98 (K2). 
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[0031] Workers in plants that load key data into cry p to p r ocessor 303 would not know the 
values of key K2. Workers in plants that load key data into crypto pr ocessor 52 would not 
know the values of key Kl . This separation of functions is important for internal security. 

[0032] Tig. 4 is a perspective view of p ortable game system 47 with disk cartridge 1 6 
containing optical disk 43 and crypto processor 303. Serial port 40 is for a link cable to 
connect p ortable game system 47 to a console video game system so that portable game sys t em 
47 may be used in p lace of a controller or as an auxiliaiy dis p lay. 

[0033] Tig. 4a is a simplified block diagram illustrating portable game sys t em 47 
with an internal cry p to security processor 52, external memory ca r tridge 1 6 , and se r ial 
port 40. 

{0034} Tig. 5 is a block diagram illustrating disk fabrication pr ocesses used in a disk 
p ressing p lant fo r writing data onto disk 43 and into cry p to p r ocessor 303. Random 
numbe r generato r 55 generates a p scudo r andom symmetrical encryption/decry p tion key 
100 (key Kl). Key 100 controls block encry p tion process 133 which encry p ts p lain 
game pr ograms and data 104 to p roduce encry p ted game p rograms/data 9 7 which arc 
molded as tracks 82 into disk 43 by disk molding/pressing machine 149. 

[0035} Key 100 (key Kl), game title identifier 1 14, serial number 101, and othe r 
optional encry p ted keys a r c block encry p ted by encryption process 12 9 under control of 
key 98 (key K2) selected from key table 1 10 to p roduce encrypted block 9 4 which is 
stored into crypto processor 303 in the Tig. 3 embodiment. A randomly generated key 
selection number 113 specifies which key 98 is selected from table 1 10. 
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[003 6 ] Adder 64 generates a disk identification serial numbe r 101 which is different fo r 
each disk. Key 9 8 (key K2) is also stored into crypto p rocesso r 52. 

[0037] Alternatively, the key block may be molded as track 148 into disk 43 (see Fig. 
7) by disk molding/pressing machine 149 at the same time tracks 82 are p ressed. 

[0038] In addition, key selection number 113 (see Fig. 6 ) may be stored into cry p to 
processor 303 or disk 43. 

[003 9 ] Fig. 6 is a detailed block diag r am of one embodiment of crypto processor 52. 
To deter p irates from providing bogus encrypted blocks on line 61, a random bit string is 
generated by crypto p rocessor 52 and sent to crypto p rocesso r 303 which p rocessor 303 
immediately alters and returns to processor 52 on line 61. Res p onse timer 314 in 
processor 52 measures the number of clock cycles between sending the bit stream and 
receiving the cor r ect res p onse in pr ocessor 52. Res p onses delayed less than m clock 
cycles o r more than n clock cycles are r ejected as bogus. 

{0040} When decry p ted p rograms and data are stored into RAM 90, processor core 
134 executes decrypted prog r am instructions f r om RAM 134 in addition to instructions 
stored in boot ROM 91. 

[0041} Crypto processor 52 typically executes dec r ypted p rograms from memory 9 0 while 
cartridge 1 6 is inserted into portable game system 47. Alternatively, cartridge 16 may be 
removed from connector 279 and the decrypted game programs in memory 9 0 may be 
executed by processor 52 as long as portable game sys t em 47 is elect r ically p owe r ed. 
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[0042] Communication between crypto p rocessor 52 and conventional pr ocessor 50 is 
through SRAM 23 9 that is bus multiplexed as desc r ibed in detail in my co p ending US 
patent ap p lication se r ial number 10/427,7 9 3 filed A p ril 30, 2003. 

[0043] Tig. 7 is a block diagram of another embodiment in which encrypted key Kl is 
read from track 148 on disk 43 instead of being stored in crypto processor 303. Game 
identifier 54 is stored into crypto processor 303 for comparison with encrypted game 
identifier 1 14 in cry p to processor 52 to p revent pirates f r om using one processo r 303 for 
many different games. 

[0044] Tig. 8 is a block diagram of another embodiment in which encrypted key Kl, 
game id, and serial number are read from bar code 80 that is laser burned into o p tical 
disk 43 after molding instead of being stored in crypto p rocessor 303. Game identifier 
54 is stored into cry p to p rocessor 303 for compa r ison with encrypted game identifier 
1 14 in crypto processor 52 to prevent pirates from using one processor 303 for many 
diffe r ent games. 

{0645} Tig. 9 is a block diagram of another embodiment in which encrypted programs 
and data arc read from semiconductor memory 9 7 instead of from o p tical disk 43. 
Memory 9 7 and crypto processor 303 are housed in cartridge 16 (see Fig. 12). 

[6046} Tig. 10 is a pictorial view of two human game p layers 10 and 12 operating portable 
game systems 44 and 47 having LCD devices that dis p lay multi p le articulated body parts of 
player controlled cha r acters, such as arm 59, hand 36, and wrist 37. Player controlled 
objects are exemplified by pipe 35. 
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{0047} Tig 1 1 is a pe r s p ective view of p ortable game system 47 dis p laying a 3D p ictu r e on 
LCD 22 of two animated cha r acters that have multi p le body parts. Movement of the body, 
arms, and legs of the humanlike p layer character are controlled by manually o p erated 
control devices such as cross - s witch 15, push button switches 14, and other manually 
operated devices. One embodiment of cartridge 1 6 is shown in Fig. 1 1 inse r ted into p ortable 
game system 47. 

{0048} Tig 12 is a pers p ective view of a cartridge circuit board 2 99 with crypto processor 
303 and ROM 9 7 attached. ROM 9 7 can be a separate chip as shown, or it can be included 
on the cry p to processor 303 chip. See Tig. 9 for this embodiment. 

{0049} r0091.11 Fig. 6. 43 is an example of a memory map of program instructions and 
data stored in boot ROM (not shown) 9* in crypto processor 52 for execution and processing 
by processor core 134. Some of these instructions may be stored in RAM 90 instead. For 
example, some of these instructions may copy position data, location data, direction data, 
and/or textu r e data from RAM 90 to SRAM 239. 

{0050} f0091.21 Fig. 6a +3a is an example of a memory map of program instructions and 
data stored in boot ROM 3*3- (not shown) in crypto processor 303 (Figs. 4 and 5) . 
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[0051] Tig. 14 illustrates an embodiment of a video game system 1 9 that includes — cry p to 
processor 52 (preferably attached to the motherboard of video game system 42), memory 
cartridge 16 containing downloaded software, Internet 121 or tele p hone line data 
transmission, o p tical disk 43, TV 11, and components housed in video game console unit 42. 
For clarity, the housing of unit 42 is not shown. Disk reade r 83 r eads video game p r og r ams 
and data from tracks 82 into RAM 90. Disk reader 83 may also read game identifier 1 14 
from leaden track 148. Tracks 82 and 148 arc typically pressed into disk 43 during disk 
fabrication. Disk reader 83 may also read encry p ted control record 9 4 from bar code 80 
which is typically burned into o p tical disks in a ring u sha p cd "Durst Cutting Area" (DCA) 
afte r the p ressing process. Each bar code 80 includes an encry p ted control record which 
includes a unique serial number 101 for each disk (see Figures 4, 5, and 6). Serial number 
101 is block encrypted together with authenticating data o r r andom filler bits. 

[0052] Game software in RAM 9 0 consists of programs and data r ead from disk 43. These 
pr og r ams execute in p rocesso r 86 which may include one or more co p rocessors. Execution 
is ty p ically f r om omchip cache memory 128 which is faster than executing from RAM 9 0. 
Prog r ams executed in p r ocessor 8 6 p rocess data from RAM 9 0 and gene r ate p icture data 
from which video signal generato r 117 generates video signals fo r display on TV 1 1 o r othe r 
video display such as LCD flat panel displays. P r ocesso r 86 may also be connected to one o r 
more p ortable game systems 44 or othe r user in p ut control devices by cables or wireless 
equivalent (not shown in Fig. 14) such as infrared, ultrasonic, RT waves, o r othe r data 
communicating fo r ms of energy. 
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[0053] When enhancement software is downloaded from game server 120, an Internet or 
telephone line connection 121 is tem p o r arily established between server 120 and a modem 
located in console 42 or attached to console 42. For clarity in Tig. 14, this modem is 
illustrated as a sending (modulating) modem 137 and a receiving (demodulating) modem 
138 separately to show data flow. Game identifier 1 14 read from disk 43 and encry p ted 
cont r ol r ecord 9 4 read from disk bar code 80 are transmitted to game server 120. Game 
identifier 114 selects enhancement software for downloading and encry p ted cont r ol reco r d 
9 4 is dec r ypted in the server fo r custome r identification (sec description below with 
reference to Fig. 6 ). 

[0054] In the p refer r ed embodiment, server 120 downloads at leas t four kinds of 
enhancement software : non^encrypted p rog r ams and/o r data 96 , encrypted p rograms and/o r 
data 97, key selection byte 113, and encrypted key 124 (Kl). These four kinds of 
downloaded softwa r e, and game identifier 114, and encry p ted control record 9 4 arc stored in 
removable nonvolatile read/write data memory cartridge 1 6 or ha r ddisk (not shown). It is 
recommended that use r s download enhancements into a se p a r ate cartridge 1 6 fo r each 
disk 43 to insure the r e will be sufficient memory space for future enhancements. When 
remaining cartridge memory s p ace is insufficient for further enhancements, it is time fo r an 
upgrade to the next edition of disk 43 in the game se r ies. 

{0055} Nontmerypted downloaded software 96 is copied into RAM 132 (RAM D) fo r 
execution and/or processing by processor 86 for additional levels and other enhancements. 
Software in RAM 132 would typically have substantially fewer bytes than software in RAM 
9 0 because enhancement software 9 6 in RAM 132 makes use of unfinished and un p layable 
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software road from disk 43 into RAM 9 0. RAM 9 0 and RAM 132 may be different p arts of 
the same RAM memory, but arc shown se p arately in Tig. 14 for cla r ity. 

{0056} Encry p ted software 97 is also downloaded f r om server 120 and p rovides essential 
but secret functions for enhancement software in RAM 132 to execute. Dy kee p ing sec r et a 
small but essential p art of the enhancement software, protection against illegal software 
copying is provided. Tor exam p le, digital links between software in RAM 132 and RAM 90 
would typically be required. If these links are in RAM 132 or RAM 90, they are at risk of 
being illegally co p ied. Dut if these digital links arc never stored in RAM 132 or 9 0 in 
decry p ted form, but instead are stored in inaccessible SRAM 104, the links cannot be co p ied. 
Another exam p le is a small program decrypted in decry p tion box 1 1 1 in cry p to processor 52 
and stored in SRAM 104 and executed in processor core 134. This small p rogram may 
p r ovide a tradc u sccrct method of character movement, character intelligence, special sound 
generation, or other game element that is difficult to pr ogram and therefore may provide a 
com p etitive advantage if secu r ely executed in crypto processor 52, rathe r than in pr ocesso r 
86t 

f0057} Processor core 134, RAM 104, buses 1 15 and 1 1 6 , and other com p onents in cry p to 
p rocesso r 52 should be integrated into one application^specific circuit that is physically 
p rotected as described in my bus»cncryption patent US 4,278,837. Secret p rog r ams, data, 
and keys arc stored in volatile static RAM powe r ed by electric battery or cell 130. Attem p ts 
to p hysically probe, scan, or p eel the crypto chi p should result in loss of voltage to RAM 104 
and key tabic 1 10, which should r esult in destruction of all sec r et data in crypto processo r 
52: 
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{0058} Dricfly refer r ing to Tig. 17, enhancement softwa r e 9 7 is encrypted in se r ver 120 
using block encry p tion method 133 such as DES or a simila r block encry p tion method under 
control of a sec r et session key 100 (key Kl) which is a random numbe r generated by se r ver 
120. Key Kl is then encrypted to p roduce encrypted key 124 (encrypted key Kl) using a 
block encryption method 129 (which may be the same or simila r to 133 and 99 ) under 
control of secret key K2 selected from sec r et key table 1 10 by a onc^byte key selection 
number 113. Key selection number 113, and encry p ted key 124 (encrypted key Kl) arc 
downloaded, along with encrypted software 9 7, and noivcncryptcd software 96 to game 
console 42. 

[0059] r0071.51 With reference to Tig. 14, Each crypto processor 52 has the same table 1 10 
of secret keys, mentioned above with reference to Fig. 1 9 . Key selection number 113, 
hidden somewhere in encrypted software 97, selects key K2 from key table 1 10. Key K2 
then controls block decryption 99 to decrypt key block 94 encrypted key 124 (encry p ted key 
Ki) to produce plain decryption key Kl in register 100. 

f0059} [0072.11 Key Kl then controls block decryption 1 1 1 of encrypted software 97 
which is read from memory cartridge 16 by crypto processor 52, one block at a time, into 
input buffer 103, to produce decrypted blocks on internal data bus 1 15. After performing 
cyclic redundancy check (CRC) +36 on each decrypted block, processor core 134 stores each 
block of decrypted program and data into battery-powered SRAM 104 or other non-volatile 
memory. 
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{0060} [0072.21 Although it may be tempting to simplify crypto processor 52 by 
eliminating key table 1 10, this would result in one secret master key K2 that would be the 
same in every crypto processor chip 52. That would be excessively risky and is not 
recommended. The keys in key table 1 10 can be further disguised by mixing randomly 
located decoy bits among the key bits in table 110. If an intruder succeeded in penetrating 
the physical security of crypto chip 52 without loss of secret data in SRAM 104 and key 
table 1 10 and discovered the bit values in table 1 10, the intruder would not be able to make 
use of those bits as key without also discovering the program instructions in ROM -B4 and 
SRAM 104 and learning where to remove the decoy bits from key K2 read from table 1 10. 

[00 6 1] f0072.31 After decrypted programs and data are stored in SRAM 104, processor 
core 134 executes the program instructions from in SRAM 104 which and communicates 
with processor 86 by a series of digital semaphores in input buffer 103 and output buffer 105. 
Using semaphores, perhaps encrypted, avoids the possibility of an intruder addressing data in 
SRAM 104. Internal address bus 1 16 and data bus 155 should be inaccessible, either as 
input or output, from outside of crypto chip 52. Data in RAM 96 132 and/or RAM 90 
needed by processor core 134 is indirectly passed by way of processor 86 and buffer 103. 
Data needed by p r ocessor 86 to link software in RAM 132 and RAM 9 0 need not be stored 
in cither RAM 132 or RAM 90. Instead, the linkage data may be r ead into cache 128 which 
should be inaccessible by probing or at external terminals. 
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[00 6 2] With reference to Fig. 15, most of the components and functions discussed above 
with refe r ence to Fig. 14 arc the same in Fig. 15, exce p t for the following differences: The 
enc r ypted control reco r d 9 4 that is r ead from ba r code 80 on disk 43 and which is different 
for every disk, is not available to memory cart r idge 1 6 in this exam p le. Hence, encry p ted 
control record 9 4 is not available for transmission to server 120 in Fig. 15. To prevent 
pirates from distributing unauthorized copies of encrypted programs/data 9 7 and encrypted 
key 124, each crypto processor chi p 52 in Fig. 15 includes a unique, inaccessible, chip 
identifier 13 9 which is different for every crypto chip 52. This chip identifier 13 9 is 
transmitted to game serve r 120 to identify the custome r 's game system. Game serve r 120 
retransmi t s the chip identifier back to modem 138 in encry p ted data block 9 7 or block 124 so 
that processor core 134 can compare the returned chip identifie r to hardware chi p identifier 
13 9 in c r y p to pr ocessor chip 52. If the r e is no match, further decryption of enc r y p ted 
programs 9 7 is inhibited. Chi p identifier 13 9 may also be used in the Fig. 14 system so that 
reco r ds may be ke p t in server 120 identifying which disk serial numbe r s are used with which 
cry p to p rocessor chi p 52. 

[0063] [Q09L31 Fig. 7_ i6 is a memory map of RAM 90 (Fig. 1) (RAM A) for exemplary 
software, read from disk 43. These program instructions and data are typical for 
conventional video games. 

r0091.41 Fig. 7a 16a is a memory map of RAM 96 (Fig. 1) 132 (RAM D) for exemplary 
non-encrypted enhancement software 96 downloaded from server 120. Software 96 would 
typically not include all software needed to play an enhancement level, but after downloading 
would be linked to software in RAM <KL A read from disk 43. Such a combination of 
software in RAM 2Q A and RAM 96 fi would provide new playable game levels. 
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f0064J Fig. 17 illustrates functions of game server 120 that p rovides downloadable game 
enhancements. Game enhancement softwa r e is sto r ed in database 122 together with 
co rr esponding key selection number 109, and key selection number 113. Custome r r eco r ds 
fo r each game title arc stored in database 143 by disk se r ial number 101 or chip identifier 
13 9 . When an enhancement is requested over an Internet o r telephone link 121, game 
identifier 114 and encrypted control record 9 4 are uploaded to server 120, as described above 
with r eference to Fig. 14. 

[00 6 5] Using game identifier 1 14, database reader 123 reads data from database 122 to get 
the cor r es p onding key selection number 10 9 . Selection number 10 9 selects key K4 f r om key 
table 1 10. Encrypted cont r ol record 9 4, that was read from bar code 80 on disk 43 in Tig. 
14, is then decrypted by block decry p tion process 142 under control of key K4 to p roduce 
decrypted serial number 101 and random filler bits. P r ocess 102 checks se r ial number 101 
against database 143 to determine which enhancement number 141 is next for downloading. 
Database reader 123 reads enhancement softwa r e from database 122 indicated by 
enhancement numbe r 141 and game identifier 1 14. Non-encrypted software 9 6 is 
transmitted to a user's video game console 42 as described above with reference to Tig. 14. 

{0066} Defore enhancement software 9 7 is downloaded, it is block encrypted by process 
133 under cont r ol of a randomly generated decryption key 100 (key Kl). Key selection 
number 113 selects key K2 from key table 110 and block encry p tion process 12 9 unde r 
control of key K2 encrypts key Kl to p r oduce enc r ypted key 124 which is downloaded to the 
user's console 42. 
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[0067] r0091.51 Fig. 8_ W is a memory map that illustrates digital links (1, 2, 3, 4, 5, 6) 
between portions of non-encrypted disk software stored in RAM 90 (RAM A) and 
downloaded portions of non-encrypted software 96 stored in RAM 96 i32 (RAM B). 
Downloaded address table 140 of these digital links is reencrypted by a program in SRAM 
104 (Fig. 1_ -M) and is sent from crypto processor 52 in reencrypted form on data bus 93 to 
processor 86 which decrypts table 140 and stores it in cache 128. The combined software in 
RAM A and RAM B in this example is not executable without decrypted table 140 in cache 
128. Address table 140 in decrypted form is not stored in RAM 90 or RAM 26 432, nor is it 
accessible from processor 86 or data bus 93. Encrypted address table 140 is decrypted in 
processor 86 using program instructions already in cache 128 and/or ROM in processor 86. 

[0068} [0091.61 As described above with reference to Fig. 14, Several other trade secret 
programs may be securely decrypted and stored in SRAM 104 (Fig. 1) in crypto chip 52 
and executed in processor core 134. This may provide a proprietary method of character 
movement, character intelligence, special sound generation, or other game element that is 
difficult to reverse engineer and program and therefore may provide a competitive advantage 
if securely executed in crypto processor 52. 
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[0069] Fig. L *9 illustrates a preferred embodiment of a video game system 19 that 
includes crypto processor 52, memory cartridge 16, Internet 121 or other tele p hone line 
data transmission, modem 137/138, TV 1 1, and components housed in video game console 
unit 42. Crypto processor 52 may should be attached to the motherboard of video game 
console 42 or portable game system 44 4? so that attempts to replace processor 52 with 
an unauthorized processor would destroy traces within the motherboard. For clarity, the 
housing of unit 42 is not shown. 

[0070] Unlike the examples in Figures 1 » 8, 14 and 15, the example shown in Fig. 19 has 
no optical disk 43 or crypto processor 303. Like the unique chip identifier 13 9 in Fig. 14, 
a- A unique chip identifier 139 is stored in crypto chip 52. in Fig. 1 9 . Chip identifier 139 is 
sent to game server 120 in encrypted form to deter known-plaintext attacks on key block 94. 
Encryption process 147 block-encrypts chip identifier 139 together with a random serial 
number using a random session key 304 (K4) to produce encrypted block 323 (see Fig. 2 
20). Encrypted block 323 is transmitted to game server 120 along with requested game 
identifier 1 14. 

[0071] Server 120 downloads the requested non-encrypted software 96 into cartridge 16 
and block encrypts the requested encrypted software 97 as a function of randomly generated 
key Kl (see Fig. 3_ 2*). Server 120 also block encrypts key Kl together with chip identifier 
139 and random filler bits to produce key block 94. The encrypted key block 94 is also 
downloaded from server 120 into cartridge 16. In crypto processor 52, block decryption 
process 99 decrypts key block 94 to produce decrypted key Kl (reference 100), decrypted 
chip identifier 139, and filler bits (not used). It is important that these data fields be 
encrypted together as one block and not as individual fields or bytes, so that each bit in the 
encrypted block 94 is a complex function of every bit of the decrypted block and of every bit 
of key K2. 
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[0071.5] from [0059] 

[0072] no change 

[0072.1] from [0059] 

[0072.2] from [0060] 

[0072.3] from [0061] 



[0073] Downloaded non-encrypted programs 96 are executed in processor 86 which may 
include one or more coprocessors. Programs executed in processor 86 process data from 
RAM 96 and generate picture data in RAM 90 from which video signal generator 117 
generates video signals for display on TV 1 1 or other video display such as LCD flat panel 
displays. Processors 66 may also be connected to one or more portable game systems 44, 
4?; or other user input control devices by cables or wireless equivalent (not shown) in Fig. 
i9) such as infrared, ultrasonic, RF waves , or other data communicating forms of energy. 

[0074] Fig. 2_ 20 illustrates crypto communication between game server 120 and crypto 
processor chip 52 in greater detail than shown in Fig. L **9 and Fig. 3_ 2*. In the right and 
lower portion of Fig. 2_ 29, decryption 99 of key block 94 and encrypted game programs and 
data 97 are shown. These functions arc also described above with r efe r ence to Fig 9 . Both 
key block 94 and encrypted programs 97 are downloaded from server 120 and decrypted in 
crypto processor 52 as shown in Fig. l_ +9. To prevent pirates from distributing this 
encrypted data 94 and 97 in bogus cartridges and from the Internet, it is necessary in this 
example for the downloaded data block 94 to be usable only in the specific crypto processor 
52 owned by a person who paid for a license to use encrypted game programs and data 97. 



[0075] Key block 94 is made different for each user by including a unique chip identifier 
139 in each crypto processor chip 52 and in each block encryption process 129 in the game 
vendor's server 120. Chip identifier 139 is a unique, inaccessible, and unalterable binary 
number in each crypto processor 52. Chip identifier 139 is shown in Fig. 1_ +5 being 
transmitted to server 120 in the clear and in Tig. 1 9 being encrypted in process 147 before 
being transmitted to server 120. This encryption process is shown in detail in Fig. 2_ 20 and 
prevents pirates from using chip identifiers 139 with corresponding key blocks 94 as 
plaintext/ciphertext pairs for cryptanalysis. 

[0076] Chip identifier 139 in crypto processor 52 in Fig. 2_ 2© is encrypted together with 
random filler bits (not shown) by block encryption process 147 to produce encrypted chip 
identifier 323 under control of a session key 304 (K4) that is randomly generated by random 
number generator 31 1 in server 120. Session key 304 is first generated in server 120, 
encrypted by process 306 under control of key 131 (K3) and transmitted in encrypted form to 
decryption process 307 to produce a plain session key 304 in crypto processor 52. This 
session key process is also described above with reference to Fig. 2. Encryption of session 
keys prevent their use in cryptanalysis of encrypted chip identifiers 139. Symmetric keys 
131 are shown for encryption methods such as DES, but nonsymmetric public key / private 
key pairs may also be used for processes 306 and 307. 

[0077] After encrypted chip identifier 139 is decrypted in block decryption process 142 in 
server 120, plain chip identifier 139 is encrypted together with key 100 (Kl) and random 
filler bits by block encryption process 129 under control of key K2 (reference 98 (from key 
table 1 10) as described above with reference to Fig. 17 and below with reference to Fig. 3 
21-. This encryption process 129 produces key block 94 which is downloaded by server 120 
to RAM in cartridge 16 along with encrypted programs/data 97 as described above with 
reference to Fig. L 
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[0078] When cartridge 16 is inserted into a socket 27 9 in video game system 42 (Fig. 1 
19) or portable game system 44 or4? (Fig. 4. encrypted key block 94 is copied from 
cartridge 16 into input buffer 103 in crypto processor 52 (Fig. 1_ Encrypted key block 
94 is then decrypted in block decryption process 99 under control of key 98 (K2) to produce 
a decrypted key block comprising key 100 (Kl), chip identifier 139, and filler bits (not used). 

[0079] Decrypted chip identifier 139 is then compared to hardware chip identifier 139 to 
determine if they match. If they do not match, decryption of encrypted programs 97 is 
inhibited and a message is displayed on TV 1 1 or LCD 22 that game programs in memory 
cartridge 16 cannot be used with this hardware system 42 or 44 or4?. The cartridge 1 6 
hardware can be used with any game system designed for it, but ca r tridge 1 6 should also 
contain matching software 94 and 9 7 to be usable, in this exam p le. 

[0080] Fig. 3_ 2* illustrates functions of game server 120 that provides downloadable game 
software (program instructions and data) . Game software is stored in database 122 together 
with corresponding key selection number 1 13 which may be different for each game title. 
Customer records for each game title purchased are also stored in database 143 by chip 
identifier 139. When game software is requested over an Internet or other tele p hone link 
121, requested game identifier 1 14 and encrypted chip identifier block 323 are uploaded to 
server 120, as described above with reference to Figures 1 and 2 . 1 9 and 20. 

[0081] Database reader 123 reads requested game software from database 122 specified 
by game identifier 1 14. Non-encrypted software 96 is transmitted to a user's video game 
console 42 as described above with reference to Fig. 1_ +9. 
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[0082] Encrypted chip identifier block 323 contains chip identifier 139 encrypted together 
with a random filler bits 101. Block 323 is decrypted in server 120 using block decryption 
process 142 such as DES or a similar block encryption method under control of session key 
304 (K4) generated by random number generator 311. Decryption of block 323 produces 
decrypted filler bits 101 (not used) and decrypted chip identifier 139. The function of 
random filler 101 is to deter cryptanalytic attacks on block 323. Decrypted chip identifier 
139 is checked for validity by process 102 by lookup in database 143 in addition to CRC 
validation. 

[0083] Encrypted software 97 is encrypted in server 120 using block encryption method 
133 such as DES or a similar block encryption method under control of a secret decryption 
key 100 (key Kl) which is a random number generated by server 120. 

[0084] Random decryption key 100 (Kl), chip identifier 139, and more random filler bits 
are then block encrypted to produce encrypted key block 94 using a block encryption process 
129 (which may be the same or similar to 133 and 147 ) under control of secret key K2 
selected from secret key table 1 10 by key selection number 113. Key selection number 113, 
and encrypted key block 94 are downloaded, along with encrypted software 97, and non- 
encrypted software 96 to game console 42 which stores them into cartridge 16. 
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[0085] Fig. 4. 22 illustrates an embodiment of a video game system 19 that comprises 
components shown in Fig. JL 49 and also has an additional computer 324 operated by a 
retailer to transfer data between server 120 and memory cartridge 16. The user of video 
game console system 42 or portable game system 47-or 44 will take cartridge 16 to the 
retailer to buy game software downloaded from server 120 through the retailer's computer 
324. Retailer computer 324 has software to access server 120 through the Internet 121 
and/or other telephone connection and to request purchase of game software specified by 
game identifier 1 14. Retail computer 324 also has a socket (not shown) into which cartridge 
16 is inserted and electronic components (not shown) to store downloaded software through 
the socket into cartridge 16 memory which may be EEPROM, battery-powered SRAM 
and/or other data non-volatile storage media, as shown for example in Figures 1, 9, 15, 
and 1 9 . Software in retail computer 324 would also include accounting programs to 
record monetary amounts payable to the owner of game software being downloaded from 
server 120. 

[0086] Cartridge 16 has a second crypto processor 303 (described above with reference to 
Fig. 2 and furthe r (described below with reference to Fig. 5_ 23) that transfers the value of 
chip identifier 139 to server 120 through retailer computer 324 using randomly generated 
session keys 304 to deter cryptanalysis. As described below with reference to Fig. 5_ 23, 
server process 311 generates a random session key 304 (K4) to control block decrypting 
process 142 which decrypts encrypted chip identifier 323. In Fig. 4_ 22 the unique binary 
value of chip identifier 139 in game system crypto processor 52 is the same value in 
cartridge crypto processor 303. Hence cartridge 16 crypto processor 303 and crypto 
processor 52 are a matched set that will operate correctly only if used together. 
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[0087] Block encryption process 147 in cartridge crypto processor 303 encrypts chip 
identifier 139 and transmits the encrypted chip id value through retailer computer 324 and 
the Internet 121 to server 120 which generates encrypted key block 94 as described above 
with reference to Fig. 2_ 30. Server 120 then downloads encrypted key block 94 through the 
Internet 121 and retailer computer 324 which stores encrypted key block 94 into cartridge 
16 as shown in Figures 2_ 20 through 5_ 23. Server 120 also transmits encrypted software 
97 and non-encrypted software 96 and 1 13 to retailer computer 324 which stores it into 
cartridge 16 memory. The user of cartridge 16 then inserts it into his game system and the 
data in cartridge 16 is decrypted by crypto processor 52 as described above with reference 
toFig. L-B. 

[0088] Alternatively, retailer computer 324 may write downloaded encrypted game data 
onto a writable disk that can be read by a user's game system disk reader. 83 as shown in 
Figures 14" 15 . 

[0089] There is no need for retail computer 324 or cartridge 16 to be secure from 
tampering because encrypted program data 97 and encrypted key block 94 and encrypted 
chip identifier 323 pass through retailer computer 324 without change. Even if multiple 
copies were made of the software in cartridge 16, the programs and data would be usable 
only in the game system that contains crypto processor 52 with a corresponding chip 
identifier 139. If any alterations or substitutions were made to the encrypted data processed 
by retail computer 324, the data would be unusable. 
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[0090] Fig. 5_ & illustrates in greater detail crypto communications between game server 
120 and crypto processor chip 303 in memory cartridge 16. Fig. 5_ 23 repeats some of the 
processing shown in Fig. 3_ 24- but shows in greater detail how chip identifier 139 is 
transmitted in encrypted form from crypto processor 303 to game server 120 using a random 
session key. After random number generator 31 1 generates session key 304 for decryption 
process 142 as shown in both Figures 3 and 5. 21 and 23 , the same session key 304 is further 
encrypted by block encryption process 306 under control of key 131 (K3). Encrypted 
session key 306 is transferred through Internet 121 and retailer computer 324 to crypto 
processor 303 which decrypts the encrypted session key in process 307 under control of the 
same key 131 (K3) which is permanently stored in processor chip 303. Decryption process 
307 produces the plain decrypted session key 304 (K4) which controls block encryption 
process 147. 

[0091] no change 

[0091.1] from [0049] 

[0091.2] from [0050] 

[0091.3] from [0063] 

[0091.4] from [0063] 

[0091.5] from [0067] 

[0091.6] from [0068] 
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[0092] no change 



[0093] DES is considered obsolete because it has been successfully cracked using 
differential cryptanalysis with massive amounts of plaintext-ciphertext pairs. But in the 
present invention, there need not be any plaintext-ciphertext pairs. The decrypted programs 
are stored in SRAM 104 RAM 9 0 and are not revealed outside of crypto processor 52. 
Likewise much of the data goes no farther than RAM 104 96 and processor core 134. 
By encrypting only program instructions and literal data in instructions, but leaving 
unencrypted the data that is transferred on bus 93 to processor 86 50 in Fig. 1, there will 
be no plaintext-ciphertext pairs that a pirate could use in a cryptanalysis attack. Without 
known plaintext, DES is more than adequate for this application. 

[0094] no change 

[0095] Although encrypted data is accessible on buses bus 6 1 , encryption of variable 
session keys prevents access to encrypted-unencrypted pairs. Hence keys Kl, K2, and K3 
would be very difficult to discover. 

[00 96 ] To distinguish encry p ted data f r om non^cncry p tcd data on disk 43, a table can be 
recorded on disk 43 with tags to indicate which address ranges arc reserved for encrypted or 
non"cncry p tcd data. Tags could also be recorded in header data that precede encry p ted data 
and p recede non u cncryptcd data. 
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[0097] Symmetric key block encryption uses the same secret key for decryption and for 
encryption. Typically this key is at least 64 bits and preferably 128 bits or larger. In the 
preferred embodiment, there is not one master key in processors 303 or 52, because if it were 
compromised, perhaps by an employee or contractor of the game vendor, the processors 
would become useless. Instead, in the preferred embodiment, each of crypto processors 303 
and 52 includes key table 1 10 (sec Tig. 6 ) so that secret key K2 and K3 can be changed in 
mid production of any game title by changing to a different key in the table. If the key bits 
in table 1 10 are intermingled with unused random decoy bits, anybody who accesses the bits 
will not know which bits are key bits without also reading the on-chip ROM or RAM 
program that access bits that are key among bits that are decoys and reconstruct their 
sequence. 

[0098] Key table 1 10 in processors 303 and 52 may be stored in an SRAM powered by a 
battery +30, so that attempts to probe, scan, or peel processor chips 303 or 126 would break a 
power trace and destroy the keys in table 1 10. If key table 1 10 were mask programmed or 
stored in EEPROM or flash ROM, that would reduce security of the keys, unless the key bits 
were rearranged and/or distributed among decoy bits. Keys should not be externally readable 
or changeable in crypto processors 303 or 52. Key table 110 should be physically protected 
against probing, chip peeling, scanning electron microscopy, and voltage-contrast imaging. 
Physical security for chip keys is described in detail in my US patent 4,278,837 for crypto 
microprocessors that use bus encryption. 

[0099] Processor core 134, includes an ALU, registers, a stack, instruction decoder, and a 
program counter to address each executable instruction in sequence in a ROM and SRAM 
104. ROM 9 1 and RAM 90, fetch each instruction, and increment the program counter to 
address the location of the next instruction. 
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[0100] Crypto processor 52 in this example, executes decrypted programs stored in 
SRAM 104 RAM 9 0 that generate intermediate game data that may represent variable 
characteristics of one or more player controlled objects or characters, and/or non-player 
objects that move across a background, and/or 2D or 3D views of a simulated world. The 
game data generated in processor 52 may represent positions, locations, and directions of 
player controlled game objects such as characters with articulated arms and legs and 
predefined textures. Even if animation of arms and legs is performed by a graphics image 
coprocessor 30*, the spatial coordinates, orientation, and direction of movement of the 
character may be specified by processor 52 executing the decrypted program instructions in 
SRAM 104. RAM-96. 

[0101] The game data generated in crypto processor 52 may also represent positions, 
locations, and directions of points of view, and may also represent game scores, game status, 
maps, statistics, object selection, icons, verbal descriptions, instructions, menus, other 
displayable data, and/or signals to trigger music, voice sounds, and sound effects. 

[0102] Data representing background scenery in 2D portable game systems may be 
unencrypted on disk 43 and loaded into RAM 53 because backgrounds are easily readable or 
easily reconstructed by pirates. But the program instructions that determine when and what 
backgrounds are needed and what changes are made to backgrounds (such as a door 
remaining open) may be executed by crypto processor 52 from SRAM 104. RAM 9 0 . 
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[0103] Image coprocessor 301 in 2D systems may perform scrolling, flipping, blending, 
scaling, r otating, fading, windowing, and othe r image processing functions on dis p lay data 
sto r ed in display RAM (VRAM) 302 for display on LCD screen 22. In 3D systems, image 
coprocessor 301 may perform coo r dinate transformations of polygons, texture rendering, 
bump mapping, lighting and shadows, and rasterizing polygon data into dis p layablc pixel 
data in VRAM 302 for display on LCD 22. 

[0104] As used herein, the term "video scrceir includes the display area of a television 
screen, computer monitor, video monitor, ROD monitor, CRT, and the like. The term 
"video" includes composite, non-composite, RGB, monochrome, color, analog, digital, 
raster-scanned, MPEG video, and the like. 

[0105] The details of cartridge 16 and crypto processors 303 and 52 are given here only as 
examples and numerous other designs may be used. 

{0106} As used herein, the term "molded" includes injection molded, p r essed, stam p ed, 
and othe r disk fabrication methods. 

[0107} The term "LCD" (liquid crystal display) has been used herein as an illustrative 
example of any dis p lay appa r atus having discrete doMnatrix picture elements. 

[0108] no change 
[0109] no change 
[0110] no change 
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[0111] Reference Numbers in Drawings 



+0 human game player 

1 1 television (TV) set or video monitor 

4-2 human game playe r 

— H control switch 

-45 manual cross u sha p cd control switch 

1 6 memory cartridge 

19 video game system generally 

20 joystick 

22 LCD screen 

26 process of stop reading disk 

-33 LCD pictures 

-34 LCD pictures 

-35 player controlled object 

-36 simulated hand & arm 

-39- simulated hand & a r m 

-40 serial link port in portable system 

42 video game system console 

43 optical disk 

44 portable game system 

45 cable from controller to console 
-47 portable game system 

cursor 

-50 p rocesso r in portable system 

52 crypto processor 

53 RAM in p ortable system 
-54 game id 

-55 program pr ocess 

-56 video screen 

59 cursor 

-6t data bus connecting crypto processors 

-64 program p rocess 

7 1 data bus connecting crypto processor 

-76 boot ROM in p ortable system 

-80 burst cutting area (DCA) of disk 
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-8+ prog r am and data area of disk 

-82 tracks molded into disk 

-83 optical disk reader 

-84 security processo r 

86 CPU processor in console 

90 SRAM in crypto processor 

9+ boot ROM in crypto p rocesso r 

-92 address bus 

93 data bus 

94 encrypted block (key Kl , game id, serial num) 
-95 "public" key 

96 non-encrypted programs and/or data in RAM 

97 encrypted programs and/or data 

98 secret key (K2) 

99 process of block decryption (K2) 

100 secret key (Kl) 

101 disk serial numbe r random filler bits 

1 02 process of validating chip ID disk serial number 

103 bus input buffer 

104 decrypted program(s) and/or data in SRAM 

105 bus output buffer 

106 process of authenticating p rograms/data 
i6? process of RS A decryption 

+08 pr ocess of calculating hash values 

+99 key selection number 

110 table of keys 

1 1 1 process of block decrypting (Kl ) 
-H-2 hash value 

1 1 3 key selection number 

114 game product number 

115 internal data bus 

116 internal address bus 

1 1 7 video signal generator 
W LCD driver 

120 game vendor's server 

121 the Internet or other data transmission network 
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122 game software database 

123 process of reading database 

124 encrypted key (Kl) and other data 

1 28 processor cache memory 

1 29 process of block encryption (K2) 

1 30 electric battery or cell 

131 secret key (K3) 

+32 enhancement software in RAM D 

133 process of block encryption (Kl) 

1 34 processor core and ROM in crypto chip 52 

136 verify game id or checksum 

137 sending modem (modulator) 

138 receiving modem (demodulator) 

1 39 crypto chip identifier 

140 address table in cache 
44+ enhancement number 

142 process of block decryption (K4) 

1 43 file of disk serial numbe r s o r chip identifiers 

444 RS A encrypted hash value 

445 hash value 

1 47 process of block encryption (K4) 

448 lcad»in control data (encrypted key) 

449 disk molding machine 

150 process of burning DCA into disk 

■166 RS A pr ivate key 

+6? RSA encry p tion p r ocess 

236 insertion socket fo r cartridge 

239 SRAM shared 

24? multiple contact connector 

279 multiple contact connecto r 

299 cartridge circuit boa r d 

366 direct memory access (DMA) 

361- image coprocessor 

362 video RAM 

303 crypto processor 

304 session key (K4) 
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306 


process of block encryption (K3) 


307 


process of block decryption (K3) 




thermal nnicp cmirr*** 


311 


generate session key 


313 


boot ROM in crypto processor 303 


3++ 


response timer 


323 


encrypted chip identifier 


324 


retailer computer 
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